May 2024 Windows 11 Non-Security Preview Update

 Microsoft released KB5037853 (OS Builds 22621.3672 and 22631.3672 today for Windows 11 23H3 and Windows 11 22H2. 

IMPORTANT:  The date for optional, non-security preview releases for Home and Pro versions of Windows 11, version 22H2 has been extended from February 27, 2024 to June 26, 2024. 

See the KB article for a long list of highlighted changes as well as a separate list of quality improvements included in the update for Windows 11 23H3 and Windows 11 22H2. 

Update:  To get the update, go to Settings > Update & Security > Windows Update. The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

References:

Windows 11 update history

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

May 2024 Windows 10 Non-Security Preview Update

 Microsoft released KB5037849 for Windows 10 version 22H2 optional non-security release preview (Windows monthly updates explained).

Highlights included in the update:

• This update addresses an issue that displays a hidden window. Its title bar has no content and no client area. This occurs when you share your screen using certain apps

• This update addresses an issue that affects the Share button on USB controllers. It might not work with Game Bar.  

See the KB article for the list of quality improvements included in the update.

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

Update:  To get the update, go to Settings > Update & Security > Windows Update. The link to download and install the update can be found in the Optional updates available area.  To get the standalone package for this update, go to the Microsoft Update Catalog website.

Windows 10 update history

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Pale Moon Version 33.1.1 Released with Security Updates

 Pale Moon has been updated to version 33.1.1.  This is a minor security and bugfix update.

Changes/fixes:

• Made the nonce length for http digest auth configurable.
• Fixed various potential issues with font loading, parsing and handling.
• Cleaned up error reporting for workers and normalized error messages.
• Security issues addressed: CVE-2024-4772 DiD, CVE-2024-4771, CVE-2024-4769 and CVE-2024-4770.
• We've switched back to an older toolchain (17.3) for compiling 32-bit Windows binaries (again) to hopefully address some of the intermittent stability issues people continued to have on later Microsoft compiler versions when running on older hardware.

Notes:

*DiD This means that a fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

Pale Moon includes both 32- and 64-bit versions for Windows: Pale Moon for Windows downloads.

Update: To get the update now, select "Help" from the Pale Moon menu at the upper left of the browser window.  Select About Pale Moon > Check for Updates.

Release Notes
Release Cycle

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox Version 126.0.1 Released with Updates

   Mozilla sent Firefox Version 126.0.1 to the Release Channel.

Fixed

• Fixed an issue with reading tagged PDF documents in a screen reader. (Bug 1894849)

• Fixed not displaying localized text for non-en-US locales in the Crash Reporter dialog box on macOS. (Bug 1896097)

• Fixed issues with drag-and-drop functionality on Linux. (Bug 1897115)

• Fixed an issue causing high GPU memory usage on certain versions of AMD cards. (Bug 1897006)

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox".  Mac users need to select "About Firefox" from the Firefox menu.  For non-English versions, Fully Localized Versions are available for download.

Release Notes

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Microsoft May 2024 Security Updates

 

The Microsoft May 2024 security updates have been released and consist of 57 new patches to Microsoft products. In addition, 4 third-party CVEs are documented, bringing the total number of CVEs reported to 63.

Of the Microsoft CVEs released, 1 is rated critical,57 rated important and 1 is rated moderate in security. At the time of release, one of the CVEs is listed as being publicly known and under active attack.

The security updates apply to the following products, features and roles: Windows and Windows Components; Office and Office Components; .NET Framework and Visual Studio; Microsoft Dynamics 365; Power BI; DHCP Server; Microsoft Edge (Chromium-based); and Windows Mobile Broadband.

See the list of KBs at the bottom of the page at May 2024 Security Updates - Release Notes - Security Update Guide - Microsoft for information regarding known issues with the security updates as well as the CVEs with FAQs, Mitigations and/or Workarounds. For specific information on Windows 11, versions 23H2 and 22H2, see KB5037771.  For Windows 10, Version 22H2 see KB5037778.

Recommended Reading:   See Dustin Childs review and analysis in Zero Day Initiative -- The May 2024 Security Update Review.

Additional Update Notes:

• MSRT -- The Malicious Software Removal Tool is now run on a quarterly basis rather than monthly.  See Remove specific prevalent malware with Windows Malicious Software Removal Tool. 
• Servicing Stack Updates -- Microsoft now combines the latest servicing stack update (SSU) for your operating system with the Latest Cumulative Updates (LCU). For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.
  
• Windows updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows, in addition to non-security updates. The updates are also available via search for the KB number in the Microsoft Update Catalog.
• For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see Windows 10 Home and Pro and Windows 11 Home and Pro.
• Windows Update History:
• Windows 11
• Windows 10

 

References

• Security Update FAQ
• Security Updates Guide

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Adobe Acrobat/Reader Update with Security Updates

 

Adobe is releasing an update with new features for Acrobat and security updates for Acrobat and Reader. 

The security updates provide mitigations for vulnerabilities described in the corresponding security bulletins for Reader and Acrobat.

Update or Complete Download

Adobe Acrobat and Reader were updated to version 24.002.20759 for Windows.  Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates.  

Reader DC and other versions are available here: https://get.adobe.com/reader/

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

Release Notes

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox Version 126.0 Released with Security Updates

 Mozilla sent Firefox Version 126.0 to the Release Channel. ESR was updated to Version 115.11.0.

The update includes sixteen security updates of which two (2) are rated high, nine (9) are rated moderate, and five (5) are rated low.

High

#CVE-2024-4764: Use-after-free when audio input connected with multiple consumers

#CVE-2024-4367: Arbitrary JavaScript execution in PDF.js

Moderate

#CVE-2024-4765: Web application manifests could have been overwritten via hash collision

#CVE-2024-4766: Fullscreen notification could have been obscured on Firefox for Android

#CVE-2024-4767: IndexedDB files retained in private browsing mode

#CVE-2024-4768: Potential permissions request bypass via clickjacking

#CVE-2024-4769: Cross-origin responses could be distinguished between script and non-script content-types

#CVE-2024-4770: Use-after-free could occur when printing to PDF

#CVE-2024-4771: Failed allocation could lead to use-after-free

#CVE-2024-4777: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11

#CVE-2024-4778: Memory safety bugs fixed in Firefox 126

Low

#CVE-2024-4772: Use of insecure rand() function to generate nonce

#CVE-2024-4773: URL bar could be cleared after network error

#CVE-2024-4774: Undefined behavior in ShmemCharMapHashEntry()

#CVE-2024-4775: Invalid memory access in the built-in profiler

#CVE-2024-4776: Window may remain disabled after file dialog is shown in full-screen

New

• The Copy Without Site Tracking option can now remove parameters from nested URLs. It also includes expanded support for blocking over 300 tracking parameters from copied links, including those from major shopping websites. Keep those trackers away when sharing links!
• Catalan is now available in Firefox Translations.
• Enabled AV1 hardware decode acceleration on macOS for M3 Macs.
• Telemetry was added to create an aggregate count of searches by category to broadly inform search feature development. These categories are based on 20 high-level content types, such as "sports,” "business," and "travel". This data will not be associated with specific users and will be collected using OHTTP to remove IP addresses as potentially identifying metadata. No profiling will be performed, and no data will be shared with third parties.  (read more)

Changed

• The URL Paste Suggestion feature added in Fx125 was temporarily disabled while the team investigates a potential performance issue. The feature will be re-enabled in a future release once the performance issue is addressed.

Update: To get the update now, select "Help" from the Firefox menu, then pick "About Firefox".  Mac users need to select "About Firefox" from the Firefox menu.  For non-English versions, Fully Localized Versions are available for download.

References

• Security Updates
• Release Notes
• Rapid Release Calendar
• ESR Release Notes

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Optional Update for Adobe Reader and Acrobat

 

Adobe has released an optional update which contains enhancements around Gen AI features in Acrobat & Reader. For additional information see Generative AI features in Adobe Acrobat and Acrobat Reader.

Update or Complete Download

Reader DC and Acrobat DC were updated to version 24.002.20736 for Windows.  Updates should become available via the internal updater or checks can be manually activated by choosing Help/Check for Updates.  

Reader DC and other versions are available here: https://get.adobe.com/reader/

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

References

• Release Notes

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...